Wireless LAN Location System

Document Sample
Wireless LAN Location System Powered By Docstoc
					Wireless LAN
                                       By Johnny Shih

School of Information Technology and Electrical Engineering,
The University of Queensland

A thesis submitted for the degree of
Master of Engineering
In the division of Telecommunications Engineering

November 2003

                                                              Meiers Road


                                                                QLD 4068

                                                        Tel. (07) 3871 3353

                                                       November 21, 2003

Head of School

School of Information Technology and Electrical Engineering

University of Queensland

St. Lucia, QLD 4072

Dear Professor Kaplan,

In accordance with the requirements of the degree of Master of

Engineering in the division of Telecommunications Engineering, I present

the following thesis entitled ‘Wireless LAN Location System’. This work

is performed under the supervision of Dr. Vaughan Clarkson. I declare

that the work submitted in this thesis is my own, except as acknowledged

in the text and footnotes, and has not been previously submitted for a

degree at the University of Queensland or any other institutions.

Yours Sincerely,

Johnny Shih

In recent years, Wireless LAN technology has been gaining popularity around

the world with its sub standard 802.11b receiving major deployments in many

indoor environments. Various location types ranging from the small business

offices to the large multi-floored corporate buildings are having WLAN

equipments to provide wireless local area network and Internet access.         The

aim of the project is to develop an indoor location system that works in

conjunction with these 802.11 standard access points preinstalled in the

locations. The location system is designed to operate on handheld devices (e.g.

PDA).   It is expected that a prototype is constructed at the end of the project

and could be tested in a nominated indoor location to evaluate the actual

usability of such design in real-life situations.

Wilfis (Wireless LAN Location System) is the resulted software-based design

developed to run on an iPAQ H3630 handheld device.         The application which

was written in C and C++ languages contains two programs – WiFi Location

System and AP Scanning Tool.              WiFi Location System is capable of

identifying position of the device in relation to the indoor environment, using

signal information of surrounding access points, a pre-constructed radio map

and a mathematical algorithm.        AP Scanning Tool provides the ability to

detect the nearby access points and display their signal-related information.

For this project, Wilfis is to be tested at UQ Centre hall in the University of the

Queensland.     Several testings using the final design have shown a successful

positioning tool that give location estimation errors of 3 to 4 metres.

There are many people whom I would like to express my thanks to.        It is not

possible to accomplish this thesis project and its related documents without any

of them.

Firstly, I would like to thank to my thesis supervisor, Dr. Vaughan Clarkson who

has generously accepted me working in this great thesis topic. Throughout

development period, his advises and assistances in various ways have been

extremely helpful.

I want to thank the staffs who work in UQ Centre.   Their helps were needed to

carry out the design testings and I have received nothing but friendly and

prompt responses.     Also, to Dr. Gerd R Dowideit, thank you for your help with

the location surveying as well as the statistical and programming resources.

Many thanks to the Linux Open Source community, the people on,

Familiar and OPIE IRC and mailing lists, as well as the authors of mwvlan_cs and

orinoco_cs drivers.    Countless program compiling problems could not be

resolved without their generous helps.

Finally, I would like to my family and friends who have constantly been

supportive throughout the project development.    They have been the ones who

gave me strength working on this project until its completion.       I am very

grateful having them in my life.

1.      Introduction _________________________________________________1
     1.1.   IEEE 802.11 ___________________________________________________ 1

     1.2.   Location Systems – GPS__________________________________________ 3

     1.3.   Theis Aim _____________________________________________________ 4

2.      Background Theories and Literature Review ________________________5
     2.1.   Wireless LAN Communication and Detection__________________________ 5
       2.1.1.   Compatibilities of Different Standards __________________________________ 5
       2.1.2.   Station Detection __________________________________________________ 7
       2.1.3.   Station Communication______________________________________________ 7

     2.2.   Wireless LAN Positioning _________________________________________ 8
       2.2.1.   Empirical Model____________________________________________________ 8
       2.2.2.   Propagation Model ________________________________________________ 10

     2.3.   Project Related Works __________________________________________ 11
       2.3.1.   RADAR Project [5] ________________________________________________ 12
       2.3.2.   Advanced Wavelan Position Project [6] ________________________________ 14
       2.3.3.   Amulet Project [7]_________________________________________________ 15
       2.3.4.   Halibut Project [9]_________________________________________________ 16
       2.3.5.   Ekahau Positioning Engine [10] ______________________________________ 17
       2.3.6.   Other Projects ____________________________________________________ 18

     2.4.   Comparisons__________________________________________________ 19

3.      Project Specification and Chosen Design Method ___________________20
     3.1.   Project Specifications ___________________________________________ 20

     3.2.   System Design Choice __________________________________________ 20

4.      Project Background Theories ___________________________________22
     4.1.   Wireless LAN Scanning__________________________________________ 22
       4.1.1.   RF Monitoring ____________________________________________________ 22
       4.1.2.   Active Probing ____________________________________________________ 23
       4.1.3.   Wireless Extensions and Wireless Tools for Linux ________________________ 24

     4.2.   K-Nearest Neighbour Algorithm ___________________________________ 25

5.      Project Preparation ___________________________________________28
     5.1.   iPAQ H3630 with Orinoco-based Wireless LAN PC Card ________________ 28
     5.2.   Familiar and OPIE______________________________________________ 29

     5.3.   Remote PC and Cross-Compiler ___________________________________ 30

     5.4.   Wireless LAN Linux Drivers ______________________________________ 31

     5.5.   UQ Centre Hall ________________________________________________ 31

6.      Project Implementations ______________________________________33
     6.1.   Wireless LAN Scanning__________________________________________ 35
       6.1.1.   orinoco_cs and prismstumbler (althernative)____________________________ 36
       6.1.2.   mwvlan_cs and modified iwlist_______________________________________ 37

     6.2.   K-Nearest Neighbour Search Function ______________________________ 38

     6.3.   Radio Map and Database Constructions ____________________________ 40

     6.4.   Main Program and GUI__________________________________________ 42
       6.4.1.   WilfisWindow Class ________________________________________________ 43
       6.4.2.   MiniClient Class ___________________________________________________ 43
       6.4.3.   Opie Graphical Interface ____________________________________________ 44

7.      Project Status and Testing _____________________________________46
     7.1.   Project Status _________________________________________________ 46

     7.2.   Project Testing and Performance __________________________________ 47

8.      Future Improvements_________________________________________49

9.      Conclusion__________________________________________________50

10. References _________________________________________________51
Wireless LAN Location System                                                   1

1. Introduction

   1.1. IEEE 802.11

IEEE 802.11 standard [1], also called Wireless LAN (WLAN) is the one of the

recent additions to the field of wireless communication.    The WLAN standard,

approved by IEEE 802.11 workgroup back in June 1997 was invented to

enhance to the uses of current computer networking. It enables the local area

networks (LAN) to be easily extended through wireless communications.         The

technology has proven to be extremely useful in the cases when mobile

computers need to connect to existing backbone LANs.

The base IEEE 802.11 standard provides asynchronous and connectionless

wireless communications at data transfer rates of 1 and 2 Mbps.    The data rates

the standard offers were considered insufficient to incorporate with current LAN

technology and therefore has never reach into massive crowds.        However, as

the standard was gradually enhanced (in terms of functionalities and data

transfer rate) through document additions for few years, it finally found its way

into the IT world.   The document additions which later created are designated

by a letter following the 802.11 name, for instances, IEEE 802.11a, IEEE

802.11b and IEEE 802.11g.

The 802.11a standard was approved in July 19. It operates at 5 GHz band

frequencies and was the first to offer wireless high data transfer rate at 54 Mbps.

The 802.11b, also approved in July 1997, operates at 2.4 GHz frequency band.

The standard provides a maximum data rate of 11 Mbps.         The 802.11g is the

                                                                   Johnny Shih
Wireless LAN Location System                                                 2

newest WLAN standard aiming to provide data rates higher than 11 Mbps when

running at the same 2.4 GHz frequency band as the 802.11b standard.

802.11g specification was finalised and approved recently in June 2003.

In a short summary for the three standards, the 802.11b is currently the most

widely deployed and has diminished the use of 802.11a in many places.        The

802.11b is more popular mainly due to its greater coverage in indoor

environments, despite its lower bandwidth than the 802.11a.       Operating at

2.4GHz (as opposed to 5 GHz for the 802.11a), the signals transmitted using the

802.11b standard can penetrate objects with less signal energy reduction and

can travel longer distances, which therefore provides greater signal coverage.

Due to the immense popularity and rapid adoption of the 802.11b standard, the

802.11g was later designed to provide much demanded higher data transfer

rates, while staying backwards compatible with the legacy 802.11b devices.     It

is important to note that due to different frequencies that the 802.11a and

802.11b (as well as the 802.11g) operate at, an 802.11a-compliant device will

be not able to communicate with any of the 802.11b and 802.11g devices.

In the initial proposal for the project specifications, the 802.11b standard

devices were assumed to be the ones the design will require operating on.    The

choice of this standard makes sure that the final product of the project can be

usable in more locations and while remain very likely expansion to work with the

802.11g devices in the future.

                                                                 Johnny Shih
Wireless LAN Location System                                                 3

   1.2. Location Systems – GPS

Developments on location finding systems such as Global Position System (GPS)

have always concentrated to provide positioning capability in open outdoor

environments.   The fundamental theory behind most of the location system

designs is remains the same – the positioning device determines its location by

finding relative distances to one or many fixed (reference) points.      These

points are the electronic systems that can communication with the positioning

device and provide relevant information that help to finding the location.   For

instance, a GPS receiver operates in conjunction with the satellites orbiting

above the earth, and in many cases three satellites are used to calculate the

distances to the GPS receiver.       By using triangulation method, it can then

determine its location in 3D space.    In some complicated GPS design (e.g. GPS

for aircraft navigations), four satellites are required to compute for the four

dimensions – X, Y, Z and time [2].

Current location system designs have proven to work very accurately in the

outdoor environments.      These designs, however, have never worked as

accurately into close-spaced, indoor environments. The reason is because the

relative distances between the reference points and the location device cannot

be easily calculated, as the communication paths that the radio signals travel

through are long and not always empty. In fact, because in most cases the

reference points that use in the GPS are satellites and there are the building

structures as obstacles for the transmitting signals, positioning accuracy is

always heavily affected.

                                                                 Johnny Shih
Wireless LAN Location System                                                   4

   1.3. Theis Aim

This thesis project intends to utilise the popular WLAN equipments and design a

location system that would work effectively in indoor environments.          More

specifically, the aim of the project is to design a software-based location finding

system that operates on a handheld device.          The system determines the

position by communicating and retrieves signal strength information from the

802.11b-compliant devices, 802.11b access points.      The handheld device is an

iPAQ H3600 with a PCMCIA expansion pack.          An 802.11b-compliant PCMCIA

card is used in the handheld to enable communications between the handheld

and the 802.11b access points.       A total of six 802.11b access points are

pre-installed in the UQ Centre of the University of Queensland, provided as a

design testing environment.

Although the performance of the Wireless LAN Location System will be assessed

primarily depending on the test results in the UQ Centre, the design of the

system will be carried out to provide great flexibilities and be able to operate in

other indoor environments without requiring much of system (software)


If the outcome of the project is proven to be successful and because the

Wireless LAN deployment is expected to continue to grow, the design might be

showing what it could be a popular and an inexpensive solution for mobile

indoor positioning in the near future.

                                                                   Johnny Shih
Wireless LAN Location System                                                 5

2. Background Theories and Literature Review

Prior to the design phase of a project, there is a planning phase. The planning

phase is essential and will increase the chances in resulting a successfully

project towards the end.       The phase in many cases means researching in

relevant works and investigating and understanding background theories behind

the project’s system design.    The literature review provides a summary of the

Wireless LAN researches and projects that have been or are currently developed.

The background theories covered in the chapter are all Wireless LAN technology

related.   They include issues on how the WLAN stations detect and

communicate to each other and what methodologies there are for Wireless LAN


   2.1. Wireless LAN Communication and Detection

To figure out how to use the provided Wireless LAN card to retrieve signal

information of surrounding wireless stations, the basic Wireless LAN operations

need to be understood. Since the Wireless LAN technology is a topic too broad

to be fully covered in few pages, only knowledge regarding station detection and

communication are discussed here.

       2.1.1.    Compatibilities of Different Standards

It is important to realise that the Wireless LAN (IEEE 802.11) is a standard that

defines a common, shared operation scheme for all the 802.11-compliant

devices.   However, the 802.11 devices may be developed using different

physical designs that function with different signal modulation schemes and the

                                                                  Johnny Shih
Wireless LAN Location System                                                 6

devices using different designs may not be able to communicate.        The IEEE

802.11 Architecture is shown to better explain the differences.

                       Figure 1 – IEEE 802.11 Architecture

IEEE 802.11 specifications define the Medium Access Control (MAC) and

Physical (PHY) Layer components for wireless type of transmission in IEEE 802

architecture.   The MAC layer is the common operation method that is used by

all the 802.11 or 802.11x (e.g. 802.11b) devices.   In the PHY layer, designs are

differentiated and devices using different PHY layers may not be able to talk to

each other.     The IEEE 802.11 has specified two underlying transmission

techniques for radio, Frequency Hopping Spread Spectrum (FHSS) and Direct

Sequence Spread Spectrum (DSSS).        Both or either techniques need to be

supported by the 802.11 devices so basic communications can be understood.

Since the FHSS and DSSS are not interoperable with each other, a device which

uses FHSS will not be able to interpret any information sent by a DSSS device.

In current markets, the DSSS has become the favoured implementation. The

802.11b and 802.11g added additional modulation schemes to enhance the data

transfer rates for actual data transmissions but the basic communications are

still done using DSSS [3].

                                                                  Johnny Shih
Wireless LAN Location System                                                  7

       2.1.2.    Station Detection

The communication process in any Wireless LAN network can be summarised

into three steps – scanning, authentication and association.       A station first

scans for existence of any wireless network within the range. If there is one or

more detected, the station then can choose which network to join, through the

authentication and association processes.    In the authentication process, the

802.11 security implementation Wired Equivalent Privacy (WEP) allows the

Wireless LAN networks to accept or eject any association request from the

mobile stations. Once the association process is completed, the station is said

to have joined the network.    Subsequently, the station is free to transmit data

within the network.

To support scanning, the IEEE 802.11 standard has specified that any

802.11-compliant device requires transmitting a beacon frame periodically to

announce its existence.   The beacon frame can be captured and understood by

all other stations.   The beacon frame also carries the information about the

belonging station’s capabilities, such as supported data transfer rates.

       2.1.3.    Station Communication

The IEEE 802.11 has defined two communication modes to allow data

transmissions between the stations: independent mode (ad-hoc) and

infrastructure mode.      In the independent mode, the wireless stations

communicate directly with each other within their coverage area.           In the

infrastructure mode, the stations communicate via wireless access points (AP).

                                                                  Johnny Shih
Wireless LAN Location System                                                   8

Every packet transmission from a mobile station reaches its desired destination

by sending it through the APs.        All the sub standard (e.g. IEEE 802.11b)

stations intercommunicate using either ad-hoc or infrastructure modes.

There are many types of communication defined in the 802.11 standard and

each type may use different frame formats.         Some types require stations

associating to a network beforehand but some do not.            In the project, a

communication type, called active probing is used to retrieve signal information.

   2.2. Wireless LAN Positioning

It has found that the most current solutions are based on the utilisation of signal

strength [4].      The signal strength values from the reference stations (access

points) are measured by the positioning device.    And based on theuse of signal

information (signal quality, signal strength, SNR and so on), there have been

two possible implementations – the empirical model and propagation model.

The explanations of the two models with corresponding related works are

covered below.

       2.2.1.      Empirical Model

The empirical model is based on storing pre-recorded measurements in a

database. A so-called “radio map” is constructed before location positioning

can begin. The radio map is the site map that contains markings of a series of

selected points.    The locations (coordinates) of these points are known and at

each point the signal information, such as signal strength value from the APs are

                                                                   Johnny Shih
Wireless LAN Location System                                                 9

collected and store into a database. When a device with unknown position

requests positioning, the signal information from all the APs are collected and

sent to the database for comparison.   An empirical model program created then

compares and finds the closest match in the entries of the known locations in

the database against the entry of the known point.          The location of this

matched known entry in the database is said to be the position of the query

point (the device).   Sometimes, more than closest matches are wanted and the

final location is determined by averaging the coordinates of these closest known


As it can be immediately seen, there are two disadvantages to the systems built

using the empirical model.    The systems will always require a considerable

amount of manual efforts on radio map and database constructions, when they

are to be used in a new environment.    The other disadvantage the system can

lose some accuracy when the current environment condition is different the

condition when the radio map was constructed.     The radio wave properties in

an indoor environment vary greatly depending on number of objects (e.g.


However, there are solutions to counter the disadvantages.            The map

construction process can always be automated via some software written

specifically to collect the data and write to the database.   The using of such

software can greatly speed up the construction processes.     Several radio maps

of the various conditions, such as number of people in the environment, can be

created and selected to use depending on to the environment condition at the

                                                                  Johnny Shih
Wireless LAN Location System                                                  10

time of positioning.

       2.2.2.    Propagation Model

Unlike the empirical model, the prorogation model tends to be more flexible.

The model is based on the fact that as a radio wave travels through an

environment it loses signal and the amount of signal strength that the radio

wave is dependent on the environment. The loss of the signal strength can

then be modelled by using known radio propagation and pathloss theories.

Using these theories, the distance from a wireless device to an access point can

then be calculated given the received signal strength loss value. By having the

distances to three and more access points, triangulation method can be applied

to determine the location of the device.     The propagation model is the ideal

model to be used in the Wireless LAN positioning or any other indoor positioning

systems.   Because the location is computed depending solely on the relative

distances to surrounding access points, the systems will be able to work in all

environments as long as the positions of the access points in the area map are

first known.

Although the propagation model is the best solution to be used, there have been

various difficulties in the actual implementations.   In order to achieve accurate

results, the signal pathloss values that the positioning system received from the

access points have to be precise.   In many cases, it means the systems have to

be a complete design covering hardware and software. The hardware needs to

be carefully thought out so it interprets receiving radio wave signals to return

the correct pathloss values.   The software needs to be specifically written to

                                                                   Johnny Shih
Wireless LAN Location System                                                  11

understand the communication at the hardware layer so it obtains correct signal

values for distance calculations.     As a result, system designs using the

propagation model are always much more complicated.

In addition to the complication of the model, many existing systems have shown

that the accuracy of positioning will decrease as the distance between the

positioning device and the affiliated access point increases.       It is mainly

because that the radio signal will more likely be affected by more factors (e.g.

change of humidity) as it travels in longer distances in the air and the resulted

path loss values of the signal when the device receives will not be the same as

predicted from the radio propagation and path loss theories.

To eliminate the aforementioned problems and increase the positioning accuracy,

the system can be designed to give the primary access point (which has the

least pathloss value) a higher weight in the triangulation algorithm. In addition,

a more complicated of the radio theories can be applied.

   2.3. Project Related Works

The idea of developing positioning tools with uses of the 802.11 standard

equipments is not entirely new.       There have been various Wireless LAN

positioning research and design projects based on the empirical and

propagation models.     While the research projects concentrated on finding

design ideas that would be derived from relevant theories, the design projects

have actually gone into designing, manufacturing and supported by test results.

                                                                  Johnny Shih
Wireless LAN Location System                                                    12

Here, any of projects that provided useful information towards our design are

discussed here.

      2.3.1.       RADAR Project [5]

RADAR is an in-building radio frequency (RF) based user location and tracking

system.     The project was one of the very first research efforts into the Wireless

LAN positioning technology and many later projects were started heavily

replying on the methodologies it has represented.         As the RADAR’s official

document describes – “the system combines the empirical model measurements

with the signal propagation modelling to determine user location and thereby

enable location-aware services and applications”, which in fact means that the

two models were made into separate designs and tested and compared


The project was conducted and sponsored by Microsoft Research to investigate

the achievable degree of accuracy when performs positioning using RF-based

equipments.      The Wireless LAN devices were used throughout the project

testings. Instead of using Wireless LAN access points, base stations were all

Pentium-based PCs running FreeBSD 3.0 equipped with wireless adapters.          The

mobile host waited to be tracked was a Pentium-based laptop computer running

Microsoft Windows 95.

In the empirical model design, RADAR used the signal information including

signal strength and signal-to-noise ratio (SNR).    The selected known points on

the map radio and stored in the database did not only contain location

                                                                    Johnny Shih
Wireless LAN Location System                                                        13

coordinates (x and y) but also directions (north, south, west and east). To

determine the unknown point’s location, “k-nearest neighbour search” algorithm

(later explained) was used to compute k number of the known locations closest

to the unknown point by matching the database entries. The k value from 1 to

10 was experimented.

In the propagation model, RADAR used Wall Attenuation Factor (WAF) to

calculate the distances using the path loss. The WAF equation was described

as following:
                                                  d    ⎧nW *WAF , nW < C
          P (d )[dBm] = P(d 0 )[dBm] − 10n log(      )−⎨
                                                  d 0 ⎩C *WAF   , nW ≥ C

n indicates the rate at which the path loss increases with distance, P(d 0 ) is

the   signal    power   at   some     reference      distance   d0   and   d   is   the

transmitter-receiver separation distance.           C is the maximum number of

obstructions (walls) up to which the attenuation factor makes a difference, nW

is the number of obstructions (walls) between the transmitter and receiver, and

WAF is the wall attenuation factor. In general, n , the path loss exponent

and WAF depend on the building layout and construction material and are

derived empirically.

Based on the measurements in their testing environment, a WAF of 3.1 dBm

and C of 4 were chosen for the WAF equation. The n of 1.523 and 0 of

58.48 dBm were selected by finding that the values for all three access point are

similar, despite their different physical locations and surroundings.

                                                                       Johnny Shih
Wireless LAN Location System                                                            14

In the final results published, RADAR has shown an estimation error of 2.94

metres when using the empirical model and 4.3 metres when using the

propagation model.

        2.3.2.      Advanced Wavelan Position Project [6]

The Advanced Wavelan Position project was a student team project in Lulea

University of Technology and intended to re-experiment both empirical and

propagation models proposed in the RADAR project.                  In the implantation using

the empirical model, signal strength was the only parameter taken during the

radio map construction and used later in the positioning.                In the propagation

model, a simpler radio propagation method was used:
                             P(d ) = P(d 0 ) − 10n log(      )

P (d ) is the signal strength value measured at distance d, P (d 0 ) is the the

valued measured at some reference distance d 0 .                 d is the unknown distance

to be calculated.

The system design consisted of a client, a database, a server and a map setup

tool.   The client was the positioning device that was responsible for collecting

the signal strengths it currently can hear, sending them to the server for

processing and finally presenting the calculated location on the selected map.

The database was used to store all pre-measured values if the empirical model

was chosen.      If the propagation model was used, the database will be omitted.

                                                                            Johnny Shih
Wireless LAN Location System                                                  15

The server provided functionalities to receive the current signal strengths from

the client and calculate and return the most probable position of the user.   The

server was used to have the calculations being performed somewhere else than

on the client, in order to save processing power on for example handheld devices

or slower computers. The map setup tool created the maps that would be used

on location display machines (e.g. handheld). The map setup tool assigned

coordinates and had the ability to place user specified objects such as stairs and

toilets on the maps.

Unfortunately, the project’s design was not fully completed at the end. It was

unclear if any graphical interface for displaying the positions has been created

(either on server or clients).    However, the project did produce some testing

results and in particular, the propagation model implementation has shown

positioning errors between 7.3 and 2.8 metres.

      2.3.3.     Amulet Project [7]

The Amulet (Approximate Mobile User Location Tracking System) project is a

practical design, making uses of similar empirical model proposal also from the

RADAR project.    Amulet is modular software developed solely by Mr. Blake M.

Harris in the University of Rochester, USA and the application operates on recent

versions of Linux desktop operating systems.

The project is a practical presentation of Wireless LAN positioning technology

using the empirical model.       The Amulet system breaks the design into three

modules with intercommunicating with each other – Access Point Statistics

                                                                  Johnny Shih
Wireless LAN Location System                                                 16

Recorder (APSR), Nearest Neighbour Association Module (NNAM) and Map GUI.

The APSR module is a shell script that continuously logs signal information from

all the requested access points. The module collected signal information from

the access points by using Linux Wireless Tools iwspy interface and allowed

maximum 8 entries at each operation (Linux Wireless Tools is discussed in later

chapters). The NNAM implements the k-nearest neighbour algorithm, same as

what was used in the RADAR project. The NNAM reads in the most current

access point information from the APSR, obtains the coordinates of the k nearest

neighbour in signal strength space and output those coordinates to the

application that needs access to them.     The Map GUI module is simply an

application to visualise the points included in the radio map and the location of

the positioning device.   The Map GUI was written in Java Swing of the Java

Foundation Class (JFC) [8].

“Signal quality” was the signal information collected during the radio map and

database constructions.    Using the signal quality values instead of signal

strength has shown results in no much difference to the positioning accuracies.

A 3 to 5 metres resolution was achieved and was slightly less accurate than the

RADAR system due to its less detailed empirical measurements.        The RADAR

system used more advanced methods used in averaging signal values, as well as

gathered user orientation data when collecting radio map points.

      2.3.4.     Halibut Project [9]

Halibut is a undergoing research project n Stanford University, USA.         The

project uses the propagation model exclusively for the positioning and considers

                                                                   Johnny Shih
Wireless LAN Location System                                                    17

various parameters affecting the radio wave propagation, including standard

free space loss, signal attenuation, diffraction, multi-path fading and a random

variable to model log-normal shadowing.              An equation similar to the WAF

theory used in the RADAR project:
                         Pl (d ) = Pl (d 0 ) + 10n log(      )+ Xa

Pl (d ) is the pathloss measured at distance d, Pl (d 0 ) is the pathloss measured

at some reference distance d 0 , n is a constant describing the pathloss in the

environment and X a is the zero mean Gaussian random variable describing the

effects of log normal shadowing.

There was no published information found regarding to any experiment or

testing results.

        2.3.5.     Ekahau Positioning Engine [10]

Ekahau Positioning Engine

is a commercially available

Wireless LAN positioning

tool.   The engine makes

uses of both empirical and

propagation models and

has been developed to work on many platforms including desktop PCs, laptops

and handhelds.     It is fully software based and compatible with the newest

                                                                      Johnny Shih
Wireless LAN Location System                                                    18

Windows operating systems.

The Ekahau Positioning Engine comprises of three modules – Ekahau Client,

Ekahau Manager and Positioning Engine. The Ekahau Client is to be installed

on every client device (the device to track) and is responsible for retrieve the

signal strength (RSSI) and other information from the supported Wireless LAN

cards.    The Ekahau Manager is the application for site calibration using its

proprietary Site CalibrationTM technology, as well as logical areas, live tracking

and accuracy analysis.     The Positioning Engine is a server application for

calculating the device coordinates and stores the calibration data.

As being a commercialised product, it has claimed to achieve up to 1 metre

average in the positioning accuracy.    The client and server modes enable the

ability to locate positions of multiple devices and display all the points on any of

the device.

         2.3.6.   Other Projects

There were two other projects related the Wireless LAN positioning technology.

Having not been researched in depth during the project development, they are

only listed here for readers who are interested in further studying of the topic.

   1. CoSCo Group – University of Helsinki [11]
   The group later founded and developed the aforementioned Ekahau
   Positioning Engine.

   2. SpotOn Project – University of Washington [12]

   The SpotOn is an application combining both hardware and software designs

                                                                    Johnny Shih
Wireless LAN Location System                                                19

   and it focuses on finding distance between two radio transceivers (Ad-hoc


   2.4. Comparisons

Having looked through various projects involved in the Wireless LAN positioning

development, the advantages and disadvantages of the empirical and

propagation models can be summarised as in the following table:

Table 1 - Empirical and propagating model comparisons
                                    Empirical                Propagation

     Design Complexity                Low                        High
    Positioning Accuracy              Good                       Fair
          Reusability                 Low                        High
          Set-up Cost                 High                       Low

The designs using propagation model have shown to be more cost effective than

the empirical model in the sense that it does not require detail measurements to

generate a signal strength map.     To design a positioning system balanced

between the cost and performance, both models should be used.

                                                                 Johnny Shih
Wireless LAN Location System                                                 20

3. Project Specification and Chosen Design Method

After the literatures have been carefully evaluated, a design method was thus

selected, according to the project specifications.     This section defines the

project specifications and covers all necessary information behind the chosen

design method.

   3.1. Project Specifications

Since the project tends to be software-based, the only specification was that this

Wireless LAN location system has to work on the given hardware (iPAQ H3630

with 802.11b Wireless LAN card).    There were no restrictions on what languages

project application had to be written, nor do the operating systems the

application need to support.   The testing environment is at the UQ Centre of the

University of the Queensland and 6 access points will be pre-installed for testing


   3.2. System Design Choice

Without much design restrictions, either of the aforementioned positioning

models can be used. The final design chose the empirical model, mainly due to

the given time constraints to fully complete and test the system.      The actual

design steps using this model did not differentiate too much from what has been

proposed in the RADAR project.     The system retrieved signal information from

surrounding access points and determined the location by match the information

                                                                  Johnny Shih
Wireless LAN Location System                                                    21

with a radio map database.    The k-nearest neighbour algorithm was used to find

the matched locations.

The project decided to use the embedded Linux operating system for the

project’s handheld iPAQ.     Being an Open Source operating system, the Linux

enables the developers to fasten the software development by sharing software

source codes.    And to this project, the free accessibility of the codes was

certainly essential, in help to find a device driver to provide the functions to scan

and retrieve signal information.

Familiar was the Linux OS used because it was fully tested working on the iPAQ

H3630 and its Open Source community via mailing lists or IRC (Internet Relay

Chat) has provided great assistance throughout the project development.

                                                                    Johnny Shih
Wireless LAN Location System                                                    22

4. Project Background Theories

There are two essential background theories relevant our design using empirical

model. One is how to enable the project hardware to retrieve information from

surrounding stations.    The other is how to implement k-nearest neighbour

algorithm into the system.   This chapter covers these two issues.

   4.1. Wireless LAN Scanning

In the Wireless LAN, there are two ways to scan and retrieve the signal

information from surrounding stations and access points: RF Monitoring and

Active Probing.

       4.1.1.     RF Monitoring

The RF monitoring (RFMON) technique is to make uses of the beacon frames

sent out periodically from the 802.11 stations.    A Wireless LAN card with an

appropriate driver support can be used to continuously capture the beacon

frames in the air and the frames then can be passed to any packet analyser that

recognises the beacon frame formats, to retrieve the information in the beacon

frames.   In most cases, the beacon frame contains signal information related

the frame transmitter and the receiver.

While a Wireless LAN card is in RFMON mode, it will not be able to transmit any

frames but only listen in the air medium to capture traffic.   This limits the client

to reporting only current or recorded network traffic. This can be a problem in a

                                                                   Johnny Shih
Wireless LAN Location System                                                   23

Wireless LAN position system design that wants to support client and server

mode.      The signal information received by the client will be immediately

transmitted to the central server.

In Linux, a Wireless LAN card uses the RFMON via support of its device driver

and Linux Wireless Extensions (later discussed).      As to the packet analysers,

there are three well-known packet sniffing applications that can run in Linux

systems and will support RF monitoring and display the information in an 802.11

beacon frame after decoding. They are netstumber [13], ethereal [14] and

prismstumbler [15]. In particular, prismstumbler is the application developed

directly to support the Linux Familiar embedded operation system.

         4.1.2.     Active Probing

The active probing method uses IEEE 802.11 specific “probe request frames” on

each channel where it is able to detect wireless activity.   When an access point

comes within range of a client station and receives a probe request frame the

access point will typically have to respond with a probe response frame. The

probe response frame will contain various information similar to the beacon

frame.     The active probing method for network discovery is the easiest to

implements.       Unlike the RF monitoring, the device that uses the active probing

method is able to transmit and receive data at the same time.

However, this method has the distinct disadvantage compared to RF monitoring.

It is unable to discover wireless networks that are configured not to advertise

their existence (Not transmitting any probe response frame) via a cloaked ESSID

                                                                   Johnny Shih
Wireless LAN Location System                                                   24

(Extended Service Set Identification) configuration.        In the Wireless LAN

positioning design, that implies all the reference access points have to be in

broadcast, which sometimes might not be desired due to security measurements.

Similar to the RF monitoring, the active probing has to be supported by the

Wireless LAN card’s device driver, via the Linux Wireless Extensions.     With the

active probing wireless extension, the device can easily retrieve station’s signal

information by using Linux Wireless Tools.        There is no need of a packet


       4.1.3.      Wireless Extensions and Wireless Tools for Linux

The Linux Wireless Extensions [16] and the Linux Wireless Tools [17] are an

Open Source project sponsored by Hewlett Packard since 1996, and build with

the contribution of many Linux users all over the world.

The Wireless Extensions is a generic application program interface (API)

allowing a driver to expose to the user space configuration and statistics specific

to common Wireless LANs.       The beauty of it is that a single set of tool can

support all the variations of Wireless LANs, regardless of their type (as long as

the driver supports Wireless Extensions).         Another advantage is these

parameters may be changed on the fly without restarting the driver (or Linux).

The Wireless Tools is a set of tools allowing manipulating the Wireless

Extensions.     They use a textual interface and are rather crude, but aim to

support the full Wireless Extensions.      The latest version of Wireless Tools

                                                                   Johnny Shih
Wireless LAN Location System                                                            25

(Version 26) contains four commands:

   •   iwconfig – used to manipulate the basic wireless parameters

   •   iwlist (formerly part of iwspy) – used to allow to list addresses,

       frequencies, bit-rates and other signal related information

   •   iwspy – used to allow to get per node link quality

   •   iwpriv – used to allow to manipulate the Wireless Extensions specific to a


In recent versions of Wireless Tools, iwlist supports buffering AP information of

up to 64 entries, in the project’s design it implies the device can detect

maximum 64 access points at once (compared to 8 in the Amulet project).

Both Linux Wireless Extensions and Wireless Tools were written by Jean


   4.2. K-Nearest Neighbour Algorithm

K-Nearest Neighbour is a simple algorithm that stores all available examples and

searches for a supplied entry the k number of the examples that have the

highest similarity measures.          The examples and the supplied entry are

numerical values in the same formats and the similarity measure is determined

by the “vector distance” between the supplied entry and each example.                  The

vector distance is defined by Euclidian distance.         If the example vector is said

to be ( X e , Ye , Z e ) and the supplied data entry is ( X s , Ys , Z s ) , then the vector

distance between the two vectors is ( X e − X s ) 2 + (Ye − Ys ) 2 + ( Z e − Z s ) 2 ; The

                                                                           Johnny Shih
Wireless LAN Location System                                                26

lower the vector distance is, the higher similarity measure is between this

example and the supplied entry.

When using in the Wireless LAN positioning, a database may contain a set of

examples where an example is a series of signal strength values from a fixed

number of access points.     The examples are collected during the radio map

construction and each example corresponds to a known X-Y coordinates on the

map.   A client scans the signal values from the same access points and stores

into an entry in the same order. This entry is then compared with the examples

in the database and retrieves a k number of nearest examples, using the

K-Nearest Neighbour algorithm. The locations corresponding to these nearest

examples should then be the ones closest to the location of the client.        Of

course, when k = 1, the location of the nearest neighbour can be said to be the

location of the client. However, since the radio map is usually made such that a

fixed point is always a constant distance from the other fixed point, the real

location of nearest neighbour may not be at a fixed point but among various

fixed points.   Therefore normally it is more accurate to decide the location of

the client by averaging the locations of k fixed points, where k is kept small.

The figure next page is an illustration of how averaging multiple nearest

neighbours (N1, N2, N3) can lead to a guess point that is closer to the true

location than any of the neighbours is individually.     However, for large k,

accuracy degrades rapidly because points far removed from the true location

also are included in the averaging procedure, thereby corrupting the estimate.

                                                                 Johnny Shih
Wireless LAN Location System                                                27

                 Figure 2 – K-nearest neighbour search (k = 3)

Fortunately, there is no need to start from the scratch in order to implement the

K-nearest neighbour algorithm in the system design.          ANN (Approximate

Nearest Neighbour) [18] is library written in C++ which supports data structures

and algorithms for both exact and approximate nearest neighbour searching in

arbitrarily high dimensions.   ANN was successfully compiled and run in the

embedded Linux OS.

                                                                 Johnny Shih
Wireless LAN Location System                                                     28

5. Project Preparation

For any software-based project, the preparation stage is most likely about setting

up a working programming environment. And normally when an application is

to be developed for embedded type of devices, the programming environment

will on a remote desktop PC as it provides large storage space (to store

cross-compiler and    program source codes) and faster CPU.       The application

would be written on the PC, and cross-compiled using the specific cross-compiler

for the target platform and directly sent to the target device for executions.

To design the application of this project, a cross-compiling environment was

required to be setup. In this chpater, all the components in order to setup the

environment are discussed.

   5.1. iPAQ H3630 with Orinoco-based Wireless LAN PC Card

The target device is an iPAQ H3630 [19]. The handheld equips a 32-bit Intel

StrongARM SA-1110 microprocessor, running at 206 MHz on a 100 MHz memory

bus. It contains 32MB RAM and 16MB ROM to store the embedded operating

system and applications.      To make the H3630 Wireless LAN enable, a

compatible PCMCIA expansion pack was added to the handheld to use Orinoco

Silver Wireless LAN PCMCIA card [20].        The Orinoco Silver is an 802.11b

standard WLAN client supported by various Linux drivers.         Serial and USB

cradles for H3630 were both used throughout the project development to

transfer data from the regular desktop PCs to the handheld.

                                                                  Johnny Shih
Wireless LAN Location System                                                        29

    5.2. Familiar and OPIE

Due to the project needs, the operating system in the iPAQ H3630 was replaced

with Familiar (Linux-based embedded operating system) from the original

Microsoft Windows CE.          Installing atop the Familiar is a graphical user interface

environment called Open Palmtop Integrated Environment (OPIE).               In order to

run the Familiar OS, the original boot-loader on the handheld was also replaced.

The OS replacement was done by following the instructions on

website. How-tos –

Throughout the development, various versions of familiar were installed and

tested, mainly trying to find a Wireless LAN driver for the Orinoco Silver card that

could support either RF monitoring or active probing. It has taken a long period

of time learning how to recompile the embedded Linux kernel of the Familiar and

the device drivers.      The version 7.1 was the version was used.

Familiar Official Website –

Comparing to the installing experience with the familiar, developing a graphical

user interface under OPIE has been a smooth process.           OPIE is a ‘fork’ of Qtopia

environment developed by Trolltech [22]. It is a completely Open Source based

user graphical environment for PDAs and other devices running Linux.                 The

OPIE website provides a complete documentation of the OPIE application

programming interfaces (APIs), including the comprehensive start-up tutorials.

                                                                        Johnny Shih
Wireless LAN Location System                                                         30

In addition, through the help of the people on both the OPIE mailing list and IRC

channel, most of the GUI related development questions were solved without

much struggling.

OPIE Official Website –

    5.3. Remote PC and Cross-Compiler

The PC used to write and compile the application is a Compaq Presario 1700

series laptop.       The laptop was running a Pentium III 1 GHz mobile

microprocessor, with 512 MB of RAM.           Red Hat Linux 9 was installed and used as

the cross-compiling development platform.             With this setup, there was no

noticeable performance issue with compiling the C and C++ codes for the


The search of a cross-compiler that would work on the development platform has

caused nothing but headaches. There were various versions of cross-compilers

on the (the official website that hosts all the Linux embedded

developments) FTP server and none of them worked.               Eventually, through the

OPIE SDK Cookbook website, a RPM (Redhat Package Manager) based

cross-compiler was found that worked beautifully on the project’s setup.

OPIE SDK Cookbook –

Cross-compiler for StrongARM –

                                                                           Johnny Shih
Wireless LAN Location System                                                             31

    5.4. Wireless LAN Linux Drivers

There were two Linux drivers found that worked for the Orinoco Silver Wireless

LAN card and supported the RF monitoring and active probing wireless

extensions.     And using in conjunction with Linux Wireless Tools and Linux

packet analysers, both drivers were able to provide the desired functionality to

retrieve signal information from the access points.

StrongARM patched rinoco_cs driver supported the RF monitoring.                    The driver

was found installed in all the recent versions of the Familiar distributions.

However, later testings showed that only the drivers in Familiar version 7.0 and

newer provided the stable RF monitoring (did not crash the operating system).

The supplied orinoco_cs drivers in the Familiar distributions (through ipkgfind)

mwvlan_cs driver enabled the support of active probing.               The mwvlan_cs driver

obtained from the Mwvlan website was manually patched and compiled with the

Familiar source.     In a note, the Familiar FTP provided the StrongARM version of

the driver in binary format; however, the binary has never worked on project’s


Mwlvan_cs driver –

    5.5. UQ Centre Hall

The part of preparation involved setting up the testing environment – UQ Centre

                                                                               Johnny Shih
Wireless LAN Location System                                               32

Hall. There were a total of 6 802.11b access points installed on the top of the

inner roof and the roof was made of thick metal, which incurred strong pathloss

to the transmitting radio signals.

Thanks to the location surveying done by Dr. Gerd R Dowideit, the dimension of

the area under test was known to be 30.5 by 52 metres. The positions (in x

and y) of the access points were also roughly located as shown on the 2-D map

below.   Each access point which has been uniquely numbered was about 10.75

metres (z axis) above the floor level.

                        Figure 3 – UQ Centre location map

                                                                Johnny Shih
Wireless LAN Location System                                                     33

6. Project Implementations

The project implementations could be down into four parts:

   1. Wireless LAN Scanning – the driver was compiled and used in conjunction

       with the Linux Wireless Tools to retrieve signal information of the

       surrounding access points.       A function was derived from the iwlist

       command in the Linux Wireless Tools.

   2. K-Nearest Neighbour Search – a function that was written using the ANN

       libraries determines the position of the client by searching the k closest


   3. Radio Map and Database Constructions – prepares the pre-measured

       data entries that are used during the k-nearest neighbour search.

   4. Main Program and GUI – the main program was a single file blending the

       uses of aforementioned function calls and a graphic user interface.         It

       was written to enable users’ control of the application entirely through

       button clicks.   The interface provides the graphical display of the client’s

       location on a map.

The developments of the parts could be roughly distinguished by the project

source codes.   The figure below shows all the source files for the design.     The

Wireless LAN scanning was enabled through the functions written in apscan.c,

apscan.h (modified from the iwlist source files).   The iwlib.c and iwlib.h contained

the libraries of the Linux Wireless Extensions to be used by the apscan files.

The k-nearest neighbour search functions were in knn.cpp and knn.h.        The ANN

                                                                     Johnny Shih
Wireless LAN Location System                                                    34

libraries used by the functions is in ann_0.2 folder. The radio map database

mapstats files.   The mapstats.dat is the default file that the k-nearest neighbour

search function reads.     Finally, the main program and the GUI codes are

contained in main.cpp, wilfis.cpp and wilfis.h. All the jpeg format files (.jpg) are

the graphics used by the GUI.

                         Figure 4 – Wilfis souce code files

The resulted application developed for the project is called Wilfis (filename –

wilfis).   It contains two sub-programs, WiFi Location System and AP

Scanning Tool.      The WiFi Location System is the core application that

allows the Wireless LAN positioning at the UQ Centre. The AP Scanning Tool

scans and displays all the detected access points with signal information in a list


                                                                    Johnny Shih
Wireless LAN Location System                                                             35

   6.1. Wireless LAN Scanning

The Wireless LAN scanning was implemented successfully using both rinoco_cs

and mwvlan_cs drivers.        To load the driver for the hardware in the Familiar, the

binary format drivers were placed under the directory

                /lib/modules/<kernel version>/kernel/drivers/net/wireless

where the <kernel version> would be different depending on the version of

Familiar distribution used.     For instance, “2.4.19-rmk6-pxa1-hh13” is the kernel

version for Familiar 7.1.      As mentioned before,        rinoco_cs driver has been

included in most of the Familiar distribution, therefore already resided in the


Mwvaln_cs which retrieved signal information through active probing has shown

a better stability during various testings, compared to the                 rinoco_cs.    In

addition, the rinoco_cs required a packet analyser to decode the packets to get

the signal information.     The packet analyser used, prismstumbler was already

an application with a higher complexity, in comparison to using the mwvlan_cs

with the Linux Wireless Tool. Due to the above two reasons, mwvaln_cs was

the driver used to complete the complete system development. However, for

the interests of the readers, both implementations are explained here.

The file /etc/pcmcia/config was modified to have an entry such as following the

handheld could recognise the Orinoco Silver card and load the designated driver.

                                                                            Johnny Shih
Wireless LAN Location System                                                                36

device “mwvlan_cs”
  class “network” module “mwvlan_cs”

card “Lucent Technologies WaveLAN/IEEE Adapter”
  version “Lucent Technologies”, “WaveLAN/IEEE”
  bind “mwvlan_cs”

       6.1.1.         orinoco_cs and prismstumbler (althernative)

After the     orinoco_cs has been loaded successfully for the Orinoco Silver

Wireless LAN card, the support of RF monitor was checked by typing iwpriv

command in the Wireless Linux Tools. The following information was shown:

~ # iwpriv eth0
eth0      Available private ioctl :
            force_reset      (8BE0) : set      0         & get        0
            card_reset        (8BE1) : set     0         & get        0
            set_port3         (8BE2) : set     1 int    & get     0
            get_port3         (8BE3) : set      0         & get       1 int
            set_preamble       (8BE4) : set     1 int    & get        0
            get_preamble       (8BE5) : set        0      & get           1 int
            set_ibssport     (8BE6) : set      1 int    & get     0
            get_ibssport     (8BE7) : set      0         & get        1 int
            monitor            (8BE8) : set     2 int    & get        0

monitor as the available private ioctl (IO Control) indicated the RF monitoring has

been supported by the driver. prismstumbler first triggered the RF monitoring

in the hardware using an ioctl call.          The call caused the hardware to scan all the

available 802.11 channels for beacon frames.               Every beacon captured was then

passed to its packet analyser function. Decoded information would then be

stored into a fixed buffer (array). From there, the user could choose to output

                                                                                  Johnny Shih
Wireless LAN Location System                                                           37

and further manipulate any specific information in the buffer.

Because the scanning with the prismstumber was not the choice of the final

design, it won’t be further discussed. For the detailed implementation of the

prismstumbler, visit the prismstumbler website to download the source codes.

          6.1.2.       mwvlan_cs and modified iwlist

Similarly, iwpriv was issued in the handheld to check if the driver supported the

active probing as a Linux Wireless Extension.

~ # iwpriv eth0
eth0         Available private ioctl :
             sscan_enable         (89F7) : set   1 byte & get    0
             gscan_enable         (89F8) : set   0       & get   1 byte
             ap_scan              (89F9) : set   0       & get   0

sscan_enable, gscan_enable and ap_scan were the wireless extensions to

indicate the active probing has been supported.

By trying various combinations of the commands in the Linux Wireless Tools, it

was found that iwlist has allowed successfully retrieval of signal information of

the surrounding access points, with following the command and argument

format – iwlist <device name> ap. The result is demonstrated below:

~ # iwlist eth0 ap
eth0         Peers/Access-Points in range:
       00:80:C8:XX:XX:XX : Quality:39/92 Signal level:-58 dBm Noise level:-97 dBm (updated)

                                                                          Johnny Shih
Wireless LAN Location System                                                      38

From there, the complete iwlist source code was studied and later modified to

allow integration into the system design.        The major modification was to locate

the functions that were responsible for producing the result as shown above.

The functions with the necessary libraries were then separated out from the

Linux Wireless Tools and brought into the design.          The iwlist <device name> ap

performed the AP scanning through the following two functions

iw_get_ext(skfd, ifname, SIOCGIWAPLIST, &wrq);
iw_get_range_info(skfd, ifname, &(range);

In this case, iw_get_ext() function called the device to list all the information of

surrounding access points, by sending the ioctl command SIOCGIWAPLIST.

Iw_get_range_info() simply formatted the retrieved information and stored into a

designated array buffer.         The function also performed some statistical

calculations, such as the number of access points found in this scan.

Print_ap_info() was the function that the main program called to active the

Wireless LAN scanning and retrieve the signal information of the access points.

The complete code listings (apscan.c and apscan.h) of the modified iwlist used in

the application are referred to appendices 1-1 and 1-2.        The code was written

completely in C due to the driver-level access.

   6.2. K-Nearest Neighbour Search Function

The K-nearest neighbour algorithm was easily implemented in the design

through the use of ANN libraries. Knn.cpp and knn.h were the codes written to

                                                                      Johnny Shih
Wireless LAN Location System                                                           39

do specific calls to the ANN functions to performance the K-nearest neighbour

search for the designed application.             See appendices 2-1 and 2-2 for the

complete code listings.

The ANN parameters such as the dimension of each example point, dim and the

number of nearest neighbours to return, k were defined as global variables.

They can be dynamically changed for different requirements.

The K-nearest neighbour search was carried out by calling various defined

functions in the ANN.

Bool readPt(int n, ANNpoint p, int xcoords[], int ycoords[]);

bool searchKnn (void);

readPt() function reads all the points from radio map file (“mapstats.dat”) and

stores them into the database the kNN (ANN) algorithm that uses internally.

Once all the signal strength values of the 6 access points are placed into a query

point array, searchKnn() was called to perform an approximate k nearest

neighbour search of a query point. Within the function, the actual searching

was carried out when the following sub-function was called.

                    The_tree->annkSearch(query_pt, k, nn_idx, dists, eps);

query_pt is the array where the signal strength values of the to-be-determined

location are stored. K is the number of nearest neighbours to be returned.

                                                                             Johnny Shih
Wireless LAN Location System                                                      40

Nn_idx and dists are the nearest neighbour indices and distances respectively. Eps

is the bound error.

To use readPt() in the design, each line in the database file was read and stored

as a point in the ANN’s array type, *ANNpointArray.         Each point had the same

length of 6 elements, the 6 signal strength values of the 6 access points. In

addition, each point also stored its corresponding x and y coordinates in int

xcoords[], int ycoords[], with the same array index.      So when the k points of the

nearest neighbours returned, their locations were also known. The location of

the query point was the average of the locations of the k nearest points.

/* Average the locations of the k nearest neighbours */
for (I = 0; I < k; i++)
sumx += xcoords[nn_idx[i]];
sumy += ycoords[nn_idx[i]];

myPoint[0] = sumx/k;
myPoint[1] = sumy/k;

myPoint[0] and myPoint[1] represent the x and y coordinates of the query point

(the client) respectively.     The two values were passed to the main program for

GUI map display.

    6.3. Radio Map and Database Constructions

Only one set of the radio map and database based was done, specifically for the

system testing environment, the UQ Centre hall. To have a reasonably good

resolution in the positioning, a total 60 points were taken (10 by 6 grids).     The

                                                                       Johnny Shih
Wireless LAN Location System                                                  41

points were distributed evenly within the testing area.      Every two measured

points were separated for distances of 5.76 metres in x and 6.1 metres in y.

The figure below shows the setup for the radio map and the pink dots are the

reference points that the signal strength measurements have been taken.

                      Figure 5 - UQ Centre radio map setup

A program (derived from the Wireless LAN scanning code) was used to collect

the signal strength values of the access points at each point on the radio map.

The signal strength values for each point later placed in the database file were

average values from 120 times of continuous scanning.

The signal strength data was manually input into the database file with the

format (X, Y, AP_MAC, SS).     X and Y were the coordinates of the point that this

data entry was collected at.    The AP_MAC and SS corresponded to the signal

strength value retrieved from the access point of AP_MAC MAC address.         For

each location, there would be 6 entries to represent the 6 access points. A total

of 360 entries (60 * 6) were stored in the database file for this testing


                                                                   Johnny Shih
Wireless LAN Location System                                                              42

    6.4. Main Program and GUI

The main program (main.cpp, wilfis.cpp and wilfis.h) that was written in C++

controlled all the core function calls and the data flow.         The graphical interface

was also coded within the program.              The program consisted of two main

classes – WilfisWindow and MiniClient. The WilfisWindow was the class that

created the WiFi Location System, whereas the MiniClient class produced the

AP Scanning Tool.          See the appendices 3-1 and 3-2 for the complete code


In both classes, the AP scanning was set to run continuously (looping) until the

stop button has been pressed. Some sort of threading mechanism has to be

used to allow no interruptions between the scanning process and the GUI

process.    So when the scanning function was executed, the GUI control would

still be possible.      The mechanism chosen to do this was Qtimer::SingleShot

method from the OPIE API.

        Void Qtimer::singleShot ( int msec, Qobject * receiver, const char * member )

This singleShot function calls an OPIE type function (SLOT), const char *member

after a given time msec (in milliseconds).        Hence to produce a threading effect,

singleSlot() function would be placed in its calling function.

     Qtimer::singleShot (10*1000, this, SLOT(myfunction() );

Above example results myfunction() to be called in every 10 seconds.                    Here,

                                                                            Johnny Shih
Wireless LAN Location System                                                    43

myfunction() would work as a thread executing continuously in the background.

        6.4.1.         WilfisWindow Class

The class contains four functions.

Void resDisplay(void);
void openMiniClient(void);
void checkStart(void);
void setStart(void);

resDisplay() function refreshes the graphical display to contain only visual

components that were created by the class constructors.       checkStart() function

triggered by the button press starts and stops the positioning process.   setStart()

is the main function where the positioning is performed.     In this function, the

aforementioned print_ap_info() retrieves signal strength values.       The signal

strength data is used by knnSearch() to calculate the location and the coordinates

of x and y values are return to allow display on the GUI. openMiniClient() is

simply the function to call the MiniClient class to start the AP Scanning Tool.

In the effort to increasing the positioning accuracies, the signal strength data

that later passes to the K-nearest neighbour search is the average signal

strength values from three consecutive scans.    If a signal strength value for any

specific access point was not retrieved, the previous value would be used.

        6.4.2.         MiniClient Class

The class contains four functions.

                                                                   Johnny Shih
Wireless LAN Location System                                                  44

Void checkShowUp(void);
void checkSaveFile(void);
void checkScan(void);
void setScan(void);

As the AP Scanning Tool was only to retrieve the stats of the detected access

points, the functions in the MiniClient were mostly about manipulating the stats.

checkShowUp() function enables and disables the showing of only updated access

points. checkSaveFile() enables or disables the AP stats being saved to a file.

checkScan() triggered by the start button starts or stops the scanning process.

setScan() is the function that carries out the scanning and displays the detected

access points and the stats on the screen.   The continuous scanning was done

by looping print_ap_info() function.

        6.4.3.        Opie Graphical Interface

The Wilfis’ user graphical interface was created using the OPIE API. All the

visual components on the application were the OPIE’s interface objects –

widgets, which can process user input and draw graphics.      The following two

figures are showing the interfaces for both the two programs. The side notes

describe the widget types of the objects in the class, with their names in the

source codes (in brackets) or the functions they would call when activated.

                                                                  Johnny Shih
Wireless LAN Location System                                          45

               Figure 6 – WiFi Location System GUI layout

                 Figure 7 – AP Scanning Tool GUI layout

                                                            Johnny Shih
Wireless LAN Location System                                                     46

7. Project Status and Testing

   7.1. Project Status

At the time of this report writing, the project design has already been completed.

The resulted Wireless LAN software-based location system, Wilfis was

thoroughly tested and debugged to correctly operate on the iPAQ H3630 with

Orinoco Silver Wireless LAN PC card.         Various radio maps and databases were

produced and looked into increasing positioning accuracies of the system.        The

environment, UQ Centre was also successfully setup in advance to support the

application testings and demonstrations at the ITEE Innovation Expo

(   The following diagram is the screenshots

from Wilfis application.

     Figure 8 – Wireless LAN Location System (Wilfis) final design screenshots

                                                                     Johnny Shih
Wireless LAN Location System                                                 47

   7.2. Project Testing and Performance

The project testings were carried out throughout various design stages.

Wireless LAN scanning support was the very first system component that was

designed and tested using the command line in the text only environment.

Both RF monitoring and active probing scanning modes were tested in various

locations including the UQ’s St. Lucia campus, nearby business buildings and

residential areas. There were no issues found on retrieving station information,

however, it was noticed the use of active probing (via mwvlan_cs and modified

iwlist) would occasionally cause system lockups (kernel panic) if being left

continuously running for a period of time.       The reason is still unknown;

however it is believed that the problem occurred at the device driver and during

its interaction with the OS kernel.

Various test results to the scanning showed that the different firmware on the

Orinoco Silver card would result in different return signal strength values from

access points.   Noticeable different results were found between the firmware

version 8.10 and 8.72 (two of the latest versions).      The version 8.10 was

chosen at the end due to its more consistent signal strength output.

In the final design testing, the WiFi Location System has shown an

approximate positioning with an estimation error from 3 to 4 metres.         The

positioning accuracies would decrease as the device (client) moving towards the

centre of the UQ Centre.     The AP Scanning Tool also showed no trouble

detecting access points within its range and retrieving their information.   The

tool can display up to 64 access points at every scan.

                                                                 Johnny Shih
Wireless LAN Location System                                              48

Some parts of Wilfis codes were written specifically to allow positioning

demonstrated in UQ Centre.    However, because the application’s modularity,

after some minor modifications it will work as a general location tool in many

indoor environments.

                                                               Johnny Shih
Wireless LAN Location System                                                  49

8. Future Improvements

There are certainly many enhancements that can be made to the design.         The

propagation model may be used to replace or combine with the existing

empirical model. The future developers can do this by simply replacing the

k-nearest neighbour search function, with their own functions to carry out the

positioning process.

The ability to track multiple users could be implemented.   One way to achieve it

is to make the uses of server and client model.    A central server is included in

the system to compute, receive, collect and sends signal strength values and

location coordinates.    Every handheld that uses the Wireless LAN location

system sends the signal strength values to the sever upon each completion of

access point scanning.     The server computes the coordinates for the client

device and sends the information back along with the location information for

other clients.   The client device which receives the information can then choose

to display only itself or with other users on the screen.     Because the most

complex computations were taken cared by the server, this is also to provide an

attractive alternative to enable location tracking for slow processor Wireless LAN

devices or machines that were designed for low-power consumption.

There should be also a consideration to improve the system to support the

802.11g devices.       To do that, only Wireless LAN scanning part requires


                                                                  Johnny Shih
Wireless LAN Location System                                               50

9. Conclusion

The Wireless LAN location system that works on handheld devices has been

successfully designed.   The system (Wilfis) contains two programs to provide

two functionalities. WiFi Location System is the positioning program written

to be tested at the UQ Centre and it has achieved a good accuracy of 3 to 4

metres. AP Scanning Tool program provides the ability to detect the nearby

access points and display their signal-related information.    Both programs

contain graphical interfaces for information display and user control. At the

end the design is a fully software-based positioning system that has been made

modular to accept different re-designs.

Wilfis, is one of the few Wireless LAN positioning tools that were developed to

work on handheld devices.    And as the Wireless LAN deployment (in particular

802.11b and 802.11g) continues to grow, this successful implementation might

be showing what it could be a popular and an inexpensive solution for mobile

indoor positioning in the near future.

                                                                Johnny Shih
Wireless LAN Location System                                                  51

10. References
[1] The Institute of Electrical and Electronics Engineers, Inc. “IEEE P802.11,
The Working Group for Wireless LANs”,

[2] Peter H. Dana, “Global Positioning System Overview“,

[3] Matthew Gast, “802.11 Wireless Networks: The Definitive Guide” , April

[4] Nicola Lenihan, University of Limberick, “WLAN POSITIONING”,

[5] Bahl, P. et al. Microsoft Corp. “RADAR: An In-Building RF-based User Location
and Tracking System”,

[6] Student Project at Lulea University of Technology, “Advanced WaveLan
Positioning”, May 2001,,

[7] Blake M. Harris, “Amulet: Approximate Mobile User Location Tracking System”,

[8] Sun Microsystems, Inc., “Java Foundation Classes: Cross-Platform GUIs &
Graphics “,

[9] Stanford University, “Halibut: An Infrastructure for Wireless LAN-based
Location Tracking”,

[10] Ekahau, Inc., “Ekahau Technology and Products”,

[11] University of Helsinki, “CoSCo - Complex Systems Computation Group”,

[12] University of Washington, SpotON: Ad-hoc Location Sensing

                                                                 Johnny Shih
Wireless LAN Location System                                                52
[13] W. Slavin, “net stumbler dot com”,

[14] Gerald Combs, “The Ethereal Network Analyzer”,

[15] Florian Boor, “PrismStumbler”,

[16] Jean Tourrilhes, “Wireless Extensions for Linux”,

[17] Jean Tourrilhes, “Wireless Tools for Linux”,

[18] Dave Mount, “ANN: Library for Approximate Nearest Neighbor Searching”,

[19] Hewlett-Packard Development Company, L.P., “Compaq iPAQ Pocket PC
H3600 Series - Features and Specifications”,

[20]Proxim, “ORiNOCO 11b Client PC Card”,

                                                                Johnny Shih
 Wireless LAN Location System


Appendix 1-1
apscan.h Code Listing

#ifndef APSCAN_H
#define APSCAN_H

typedef struct ap_stat
     char essid[32+1];
     int qualcur;
     int qualmax;
     int signal;
     int noise;
     int updated;
} apstat;

/* Number of available slots to store AP statistics.
* In version 16 of wireless extensions support, the number
* has been increased to 64 (IW_MAX_AP), from the previous 8.
apstat apstats[64];

/* Number of AP addresses scanned */
extern int n;

/* A buffer to store system time */
char timecur[32];

extern int print_ap_info(char *ifname);
extern int checkIf(char *ifname);

#endif // APSCAN_H

                                                        Johnny Shih
 Wireless LAN Location System

Appendix 1-2
apscan.c Code Listing

#include <time.h>
#include <stdio.h>

#include "iwlib.h"
#include "apscan.h"

* Global Variables
int n;   /* Number of AP addresses scanned */

* This function does ap scanning.
static int get_ap_info(int skfd, char *ifname)
     struct   iwreq          wrq;
     char     buffer[(sizeof(struct iw_quality) +
                        sizeof(struct sockaddr)) * IW_MAX_AP];
     char     temp[128];
     struct   sockaddr *      hwa;
     struct   iw_quality *    qual;
     iwrange range;
     int has_range = 0;
     int has_qual = 0;
     int i;

     /* Collect stats */ = (caddr_t) buffer; = IW_MAX_AP; = 0;
     if(iw_get_ext(skfd, ifname, SIOCGIWAPLIST, &wrq) < 0)

                                                             Johnny Shih
 Wireless LAN Location System

        fprintf(stderr, "%-8.8s Interface doesn't have a list of
Peers/Access-Points\n\n", ifname);

    /* Number of addresses */
    n =;
    has_qual =;

    /* The two lists */
    hwa = (struct sockaddr *) buffer;
    qual = (struct iw_quality *) (buffer + (sizeof(struct sockaddr) * n));

    /* Check if we have valid mac address type */
    if(iw_check_mac_addr_type(skfd, ifname) < 0)
        fprintf(stderr, "%-8.8s Interface doesn't support MAC
addresses\n\n", ifname);

    /* Get range info if we can */
    if(iw_get_range_info(skfd, ifname, &(range)) >= 0)
        has_range = 1;

    for(i = 0; i < n; i++)
        /* when the stats returned include signal qualities */
            /* Store AP stats into buffer */
            iw_ether_ntop((const struct ether_addr *)hwa[i].sa_data,
            iw_print_stats(temp, &qual[i], &range, has_range);
            apstats[i].qualcur = ap_qualcur;
            apstats[i].qualmax = ap_qualmax;
            apstats[i].signal = ap_signal;
            apstats[i].noise = ap_noise;

                                                           Johnny Shih
 Wireless LAN Location System

             apstats[i].updated = ap_updated;
             iw_ether_ntop((const struct ether_addr *)hwa[i].sa_data,
             apstats[i].qualcur = 0;
             apstats[i].qualmax = 0;
             apstats[i].signal = 0;
             apstats[i].noise = 0;
             apstats[i].updated = 0;

     return 0;

* The function checks if the specified interface name has been
* properly registered to the linux kernel.
int checkIf(char *ifname)
     FILE *f;
     char u[32];
     char s[256];

     f = fopen ("/proc/net/wireless", "r");
     if (f == NULL)
         return 0;
     while (fgets (s, 255, f) != NULL)
         sscanf (s, "%s: %*d %d. %*d. %*d. %*d %*d %*d %*d %*d", u);
         u[strlen(u)-1] = '\0';
         if (strcmp (ifname, u) == 0)
     if (strcmp (ifname, u) == 0)

                                                          Johnny Shih
 Wireless LAN Location System

                 return 1;
         return -1;
     fclose (f);

* This function gets current time and place into a buffer.
static void get_time(void)
     time_t distime;

     strcpy(timecur, ctime(&distime));
     timecur[strlen(timecur)-6] = '\0';    /* get rid of '\n' and year */

* The function creates the socket to send scanning request to
* the driver. It then uses get_ap_info function to retrieve
* information of all AP stations and store into formatted buffer.
int print_ap_info(char *ifname)
     int skfd;     /* generic raw socket descriptoer */

     /* create a channel to the NET kernel */
     if ((skfd = iw_sockets_open()) < 0)
         return -1;

     /* scan ap stats and write to the file */
     get_ap_info(skfd, ifname);

     /* record current time that scanning has occurred */

                                                            Johnny Shih
Wireless LAN Location System


    /* close the socket */

    return 0;

                               Johnny Shih
 Wireless LAN Location System

Appendix 2-1
knn.h Code Listing

#ifndef KNN_H
#define KNN_H

extern bool searchKnn(void);
extern int mapstats[6];
extern int myPoint[2];

#endif // KNN_H

                                Johnny Shih
 Wireless LAN Location System

Appendix 2-2
knn.cpp Code Listing

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <math.h>
#include <ANN/ANN.h>
#include "knn.h"

int k = 3;        /* number of near neighbours to find */
int dim = 6;           /* number of APs installed in the radio map */
double eps = 0;        /* error bound */
int m_pts = 60; /* number of reference points in the radio map */

int myPoint[2];        /* coordinates of averaged lockation */
FILE *stats_file;      /* file stream to open the database file */

* this function reads all the points from radio map file and puts them into
* the database the kNN (ANN) algorithm that uses internally.
bool readPt(int n, ANNpoint p, int xcoords[], int ycoords[])
     * Read in every dim lines, on each line, the signal strength measurement
     * becomes the index to p.
     char *x, *y, *MAC, *signal; /* temporary variables */
     for (int j = 0; j < dim; j++)
     char line[256] = "";
     if (fgets(line, 256, stats_file) != NULL)
          x = strtok(line, ",");
          xcoords[n] = strtol(x, NULL, 10);

                                                              Johnny Shih
 Wireless LAN Location System

         y = strtok(NULL, ",");
         ycoords[n] = strtol(y, NULL, 10);
         MAC = strtok(NULL, ",");
         signal = strtok(NULL, ",");
         p[j] = strtod(signal, NULL); /* dimension of each point */

     return ANNtrue;

* This function perfoms the K-nearest neighbour search/
bool searchKnn (void)
     int i;
     int n_pts;        /* number of data points */
     ANNpointArray data_pts; /* data points - collected with readPt()
function */
     ANNpoint query_pt;    /* query point */
     ANNidxArray nn_idx; /* near neighbour indices */
     ANNdistArray dists; /* near neigbour distances */
     ANNkd_tree *the_tree;    /* search structure */

     query_pt = annAllocPt(dim); /* allocate query point */
     data_pts = annAllocPts(m_pts, dim); /* allocate data points */
     nn_idx = new ANNidx[k]; /* allocate near neighbour indices */
     dists = new ANNdist[k]; /* allocate near neighbour distances */

     /* Specify arrays and their sizes that store points' coordinates */
     int xcoords[m_pts];
     int ycoords[m_pts];

     int sumx;
     int sumy;

     /* Read data points */

                                                           Johnny Shih
 Wireless LAN Location System

    n_pts = 0;
    stats_file = fopen("mapstats.dat","r");
    while (n_pts < m_pts && readPt(n_pts, data_pts[n_pts], xcoords,
ycoords)) n_pts++;

    the_tree = new ANNkd_tree(data_pts, n_pts, dim);

    /* Store the AP signal strength values in query point array */
    for (i = 0; i < dim; i++)
        query_pt[i] = mapstats[i];

    /* Search for the nearest neighbour */
    the_tree->annkSearch(query_pt, k, nn_idx, dists, eps);

    sumx = 0;
    sumy = 0;

    /* Average the locations of the k nearest neighbours */
    for (i = 0; i < k; i++)
        sumx += xcoords[nn_idx[i]];
        sumy += ycoords[nn_idx[i]];

    myPoint[0] = sumx/k;
    myPoint[1] = sumy/k;

    return true;

                                                         Johnny Shih
 Wireless LAN Location System

Appendix 3-1
main.cpp Code Listing

#include "wilfis.h"

int main( int argc, char **argv )
    QPEApplication app( argc, argv );

    WilfisWindow ww;

    /* Turn off Mini-Keyboard display if it is on */
    QPEApplication::setInputMethodHint( &ww, QPEApplication::AlwaysOff );

    /* show application with widgets with fixed and maxmised window */
    ww.setCaption("Wilfis - WiFi Location System");

    return app.exec();

                                                          Johnny Shih
 Wireless LAN Location System

Appendix 3-2
wilfis.h Code Listing

#ifndef WILFIS_H
#define WILFIS_H

#include <qpe/qpeapplication.h>
#include <qwidget.h>
#include <qlistview.h>
#include <qlabel.h>
#include <qpopupmenu.h>

class LocationDisplay : public QWidget
     LocationDisplay(QWidget *parent = 0, const char *name =0);
     QPixmap floorplan;
     void herePaint(int xpos, int ypos, QPixmap mypic);
     void apPaint(int apnum);

* Main widget called by QPEApplication
class WilfisWindow : public QWidget
       WilfisWindow(QWidget *parent = 0, const char *name = 0);
     QWidget *sceneDisplay;
     LocationDisplay *locDisplay;
     QPushButton *start;
     QPushButton *exit;
     QLabel *numAp1;
     QLabel   *macAp1;

                                                          Johnny Shih
 Wireless LAN Location System

     QLabel   *sigAp1;
     QLabel *numAp2;
     QLabel   *macAp2;
     QLabel   *sigAp2;
     QLabel *numAp3;
     QLabel   *macAp3;
     QLabel   *sigAp3;
     QLabel *numAp4;
     QLabel   *macAp4;
     QLabel   *sigAp4;
     QLabel *numAp5;
     QLabel   *macAp5;
     QLabel   *sigAp5;
     QLabel *numAp6;
     QLabel   *macAp6;
     QLabel   *sigAp6;
     QLabel   *sb;
     void resDisplay(void);

public slots:
     void checkStart(void);
     void setStart(void);
     void openMiniClient(void);

class ApListView : public QListView
     ApListView(QWidget *parent = 0, const char *name = 0);

* Mini Apscan client
class MiniClient : public QWidget

                                                          Johnny Shih
 Wireless LAN Location System

     MiniClient(QWidget *parent = 0, const char *name = 0, WFlags f =
     QPopupMenu *mcPopFile;
     QPopupMenu *mcPopOpt;
     QLabel *indi;
     ApListView *mcListView;
     QListViewItem *itemPrev;
     QListViewItem *itemCurr;
     QLabel *sb;
     QPushButton *scan;
public slots:
     void checkShowUp(void);
     void checkSaveFile(void);
     void checkScan(void);
     void setScan(void);

#endif   // WILFIS_H

                                                          Johnny Shih
 Wireless LAN Location System

Appendix 3-3
wilfis.cpp Code Listing

#include <stdio.h>
#include <unistd.h>
#include <math.h>
#include <qpe/qpemenubar.h>
#include <qpe/qcopenvelope_qws.h>
#include <qpushbutton.h>
#include <qmessagebox.h>
#include <qlayout.h>
#include <qtimer.h>

* Header files of C functions.
extern "C" {
     #include "apscan.h"

#include "wilfis.h"
#include "knn.h"

* Global Variables
int scanset = 0;           /* toggle scanning */
int saveChecked = 0;          /* toggle save to file */
int showChecked = 0;          /* toggle show updated only */
int colour = 0;            /* toggle colour change */
FILE *scandata;            /* file stream */
int prevs[6];              /* previous signal strength values */
int mapstats[6];           /* AP stats used to calculate location */
bool aptrig[6];            /* AP signal strength updated check */
int xpixel = 0;            /* x pixel location on the map */
int ypixel = 0;            /* y pixel location on the map */

                                                               Johnny Shih
 Wireless LAN Location System

int numtoavg = 3;         /* number of signal strength values to average */
int sumap[6];             /* sum of signal strength values from 'numtoavg'
consecutive scans */

static char *ifname = "eth0";      /* specify the wirless interface name

/* Static APs' MAC addresses installed in UQ Centre */
static QString strAp1 = "00:40:05:C0:73:01";
static QString strAp2 = "00:40:05:C0:73:04";
static QString strAp3 = "00:40:05:C0:73:43";
static QString strAp4 = "00:40:05:C0:72:93";
static QString strAp5 = "00:40:05:C0:73:41";
static QString strAp6 = "00:40:05:C0:72:AA";

* Enable/disable screen saver hint. *TRUE* sets the device to turn off
* backlight and blank after sometime. *FALSE* sets the device to never
* go blank with backlight always on.
static void toggleScreenSaver( bool on )
    QCopEnvelope e("QPE/System", "setScreenSaverMode(int)");
    e << (on ? QPEApplication::Enable : QPEApplication::DisableLightOff);

* WifisMain class instantiation (constructor).
WilfisWindow::WilfisWindow(QWidget *parent, const char *name)
         : QWidget(parent, name)
      int i;
      char syscmd[64];

      /* Turn off screen saver hint */

                                                            Johnny Shih
 Wireless LAN Location System

     /* Enable automatic scanning */
     sprintf (syscmd, "iwpriv %s sscan_enable 1", ifname);

     * Starting signal strength values from the 6 APs.
     * They are replaced with the new values are getting
     * from all the APs during active scannings.
     for (i = 0; i < 6; i++)
           prevs[i] = -66;
           mapstats[i] = -66;

     * The top-level layout that contain all the widgets and sub-layouts.
     * The margin between child windows is 1 pixel.
     QBoxLayout *topLayout = new QVBoxLayout(this, 0);

     /* This sub-layout shows partial map outside UQ Centre */
     sceneDisplay = new QWidget(this);
     QPixmap scenepix = QPixmap("scene.jpg");

     /* This sub-layout that contains the window to display target position
     locDisplay = new LocationDisplay(this, "locDisplay");

          /* This sub-layout that contains the grid to display AP stats */
          QGridLayout *apdisplayLayout = new QGridLayout(topLayout, 0, 0, 1);

     /* first AP */
     numAp1 = new QLabel("1", this, "numAp1");
     numAp1->setFont(QFont("", 10, QFont::Bold));

                                                              Johnny Shih
Wireless LAN Location System

  numAp1->setFixedSize(QSize(14, 14));
  numAp1->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp1 = new QLabel(strAp1, this, "macAp1");
  macAp1->setFont(QFont("", 10, QFont::Bold));
  macAp1->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp1 = new QLabel("0 dBm", this, "sigAp1");
  sigAp1->setFont(QFont("", 10, QFont::Bold));
  sigAp1->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp1, 0, 0);
  apdisplayLayout->addWidget(macAp1, 0, 1);
  apdisplayLayout->addWidget(sigAp1, 0, 2);

  /* second AP */
  numAp2 = new QLabel("2", this, "numAp2");
  numAp2->setFont(QFont("", 10, QFont::Bold));
  numAp2->setFixedSize(QSize(14, 14));
  numAp2->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp2 = new QLabel(strAp2, this, "macAp2");
  macAp2->setFont(QFont("", 10, QFont::Bold));
  macAp2->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp2 = new QLabel("0 dBm", this, "sigAp2");
  sigAp2->setFont(QFont("", 10, QFont::Bold));
  sigAp2->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp2, 1, 0);
  apdisplayLayout->addWidget(macAp2, 1, 1);
  apdisplayLayout->addWidget(sigAp2, 1, 2);

  /* third AP */

                                                       Johnny Shih
Wireless LAN Location System

  numAp3 = new QLabel("3", this, "numAp3");
  numAp3->setFont(QFont("", 10, QFont::Bold));
  numAp3->setFixedSize(QSize(14, 14));
  numAp3->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp3 = new QLabel(strAp3, this, "macAp3");
  macAp3->setFont(QFont("", 10, QFont::Bold));
  macAp3->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp3 = new QLabel("0 dBm", this, "sigAp3");
  sigAp3->setFont(QFont("", 10, QFont::Bold));
  sigAp3->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp3, 2, 0);
  apdisplayLayout->addWidget(macAp3, 2, 1);
  apdisplayLayout->addWidget(sigAp3, 2, 2);

  /* forth AP */
  numAp4 = new QLabel("4", this, "numAp4");
  numAp4->setFont(QFont("", 10, QFont::Bold));
  numAp4->setFixedSize(QSize(14, 14));
  numAp4->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp4 = new QLabel(strAp4, this, "macAp4");
  macAp4->setFont(QFont("", 10, QFont::Bold));
  macAp4->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp4 = new QLabel("0 dBm", this, "sigAp4");
  sigAp4->setFont(QFont("", 10, QFont::Bold));
  sigAp4->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp4, 3, 0);
  apdisplayLayout->addWidget(macAp4, 3, 1);
  apdisplayLayout->addWidget(sigAp4, 3, 2);

                                                       Johnny Shih
Wireless LAN Location System

  /* fifth AP */
  numAp5 = new QLabel("5", this, "numAp5");
  numAp5->setFont(QFont("0 dBm", 10, QFont::Bold));
  numAp5->setFixedSize(QSize(14, 14));
  numAp5->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp5 = new QLabel(strAp5, this, "macAp5");
  macAp5->setFont(QFont("", 10, QFont::Bold));
  macAp5->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp5 = new QLabel("0 dBm", this, "sigAp5");
  sigAp5->setFont(QFont("", 10, QFont::Bold));
  sigAp5->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp5, 4, 0);
  apdisplayLayout->addWidget(macAp5, 4, 1);
  apdisplayLayout->addWidget(sigAp5, 4, 2);

  /* sixth AP */
  numAp6 = new QLabel("6", this, "numAp6");
  numAp6->setFont(QFont("", 10, QFont::Bold));
  numAp6->setFixedSize(QSize(14, 14));
  numAp6->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  macAp6 = new QLabel(strAp6, this, "macAp6");
  macAp6->setFont(QFont("", 10, QFont::Bold));
  macAp6->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  sigAp6 = new QLabel("0 dBm", this, "sigAp6");
  sigAp6->setFont(QFont("", 10, QFont::Bold));
  sigAp6->setFrameStyle(QFrame::WinPanel | QFrame::Plain);
  apdisplayLayout->addWidget(numAp6, 5, 0);

                                                       Johnny Shih
Wireless LAN Location System

  apdisplayLayout->addWidget(macAp6, 5, 1);
  apdisplayLayout->addWidget(sigAp6, 5, 2);

  /* status bar */
  sb = new QLabel(this);
  sb->setText(" Press 'Start' to run.");
  sb->setFont(QFont("", 10, QFont::Normal));

  /* The sub-layout that contains the buttons */
  QBoxLayout *buttonsLayout = new QHBoxLayout(topLayout, 0);

  /* start pushbutton */
  start = new QPushButton("&Start", this, "start");
  start->setFont(QFont("", 10, QFont::Bold));
  start->setPalette(QColor(165, 170, 225));
  connect(start, SIGNAL(clicked()), SLOT(checkStart()));

  /* quit pushbutton */
     exit = new QPushButton("&Exit", this, "exit");
  exit->setFont(QFont("", 10, QFont::Bold));
     connect(exit, SIGNAL(clicked()), qApp, SLOT(quit()));

  /* more pushbutton */
     QPushButton *more = new QPushButton("&More..", this, "more");
  more->setFont(QFont("", 10, QFont::Bold));
  connect(more, SIGNAL(clicked()), SLOT(openMiniClient()));

                                                       Johnny Shih
 Wireless LAN Location System


* WilfisWindow class destructor
     char syscmd[64];

     /* turn on screen saver hint */

     /* Disable automatic scanning */
     sprintf(syscmd, "iwpriv %s sscan_enable 0", ifname);

* LocationDisplay class constructor.
* This class loads the selected image file on the GUI.
LocationDisplay::LocationDisplay(QWidget *parent, const char *name)
     : QWidget(parent, name)
     QPixmap mypic;

     /* Set background */
     floorplan.load("uqcentre.jpg" );


* The function displays the 'I am Here' icon on the map.

                                                            Johnny Shih
 Wireless LAN Location System

void LocationDisplay::herePaint(int xpos, int ypos, QPixmap mypic)
     QPainter p(this);

     p.drawPixmap(xpos, ypos, mypic);

* The function highlights the APs on the map that last scan has gotten
* the signal strength values.
void LocationDisplay::apPaint(int apnum)
     QPixmap ap;
     QPainter p(this);
     int hpix = 0;
     int vpix = 0;

     switch (apnum)
         case 0:
             hpix = (width()-ap.width()-11);
             vpix = (height()-ap.height()-11);
         case 1:
             hpix = (width()-ap.width()-11);
             vpix = 11;

         case 2:
             hpix = 89;
             vpix = (height()-ap.height()-9);
         case 3:

                                                         Johnny Shih
 Wireless LAN Location System

             hpix = 141;
             vpix = 9;
         case 4:
             hpix = 9;
             vpix = (height()-ap.height()-9);
         case 5:
             hpix = 9;
             vpix = 9;
     p.drawPixmap(hpix, vpix, ap);

* This function resets the GUI display to default.
void WilfisWindow::resDisplay(void)
     QColor bgColour = QColor(255, 255, 255);   /* background colour */


                                                         Johnny Shih
 Wireless LAN Location System


* This is a simple function to check if the Start pressed is to
* start or stop scanning.
void WilfisWindow::checkStart(void)
     QString warnMsg;
     if (scanset == 0)
         if (checkIf(ifname) == 1)
             scanset = 1;
             warnMsg.sprintf("Wireless interface '%s' is \nnot found!",
             QMessageBox::critical(this, "Error!", warnMsg);
             scanset = 0;
     else if (scanset == 1)
         scanset = 0;
         usleep(500*1000);        /* 0.5 second delay */

                                                           Johnny Shih
 Wireless LAN Location System


* This function initialises the positioning of the client.
void WilfisWindow::setStart(void)
     int i, j;
     int rows = 0;
     int scancount = 0;
     QString sigString;
     QString sbString;
     QPixmap mypic;
     QColor colourAp = QColor(255, 175, 145);

     for (i = 0; i < 6; i++)
         sumap[i] = 0;
         aptrig[i] = 0;

     for (j = 0; j < numtoavg; j++)
         rows = n;

         for (i = 0; i < rows; i++)
             if (strcmp(apstats[i].essid, strAp1) == 0)
                 if (apstats[i].updated == 1)
                      sumap[0] += apstats[i].signal;
                      prevs[0] = apstats[i].signal;
                      aptrig[0] = true;

                                                          Johnny Shih
Wireless LAN Location System

                  sumap[0] += prevs[0];

          else if (strcmp(apstats[i].essid, strAp2) == 0)
              if (apstats[i].updated == 1)
                  sumap[1] += apstats[i].signal;
                  prevs[1] = apstats[i].signal;
                  aptrig[1] = true;
                  sumap[1] += prevs[1];
          else if (strcmp(apstats[i].essid, strAp3) == 0)
              if (apstats[i].updated == 1)
                  sumap[2] += apstats[i].signal;
                  prevs[2] = apstats[i].signal;
                  aptrig[2] = true;
                  sumap[2] += prevs[2];
          else if (strcmp(apstats[i].essid, strAp4) == 0)
              if (apstats[i].updated == 1)
                  sumap[3] += apstats[i].signal;
                  prevs[3] = apstats[i].signal;

                                                       Johnny Shih
Wireless LAN Location System

                  aptrig[3] = true;
                  sumap[3] += prevs[3];
          else if (strcmp(apstats[i].essid, strAp5) == 0)
              if (apstats[i].updated == 1)
                  sumap[4] += apstats[i].signal;
                  prevs[4] = apstats[i].signal;
                  aptrig[4] = true;
                  sumap[4] += prevs[4];
          else if (strcmp(apstats[i].essid, strAp6) == 0)
              if (apstats[i].updated == 1)
                  sumap[5] += apstats[i].signal;
                  prevs[5] = apstats[i].signal;
                  aptrig[5] = true;
                  sumap[5] += prevs[5];

  for (i = 0; i < 6; i++)

                                                       Johnny Shih
 Wireless LAN Location System

         mapstats[i] = sumap[i]/numtoavg;

    printf("(%d, %d, %d, %d, %d, %d)\n", mapstats[0], mapstats[1],
mapstats[2], mapstats[3], mapstats[4], mapstats[5]);

    resDisplay();   /* reset map display */

    * Paint updated AP on the map and AP information bars
    if (aptrig[0] == true)
         sigString.sprintf("%d dBm", mapstats[0]);
    if (aptrig[1] == true)
         sigString.sprintf("%d dBm", mapstats[1]);
    if (aptrig[2] == true)

                                                         Johnny Shih
Wireless LAN Location System

      sigString.sprintf("%d dBm", mapstats[2]);
  if (aptrig[3] == true)
      sigString.sprintf("%d dBm", mapstats[3]);
  if (aptrig[4] == true)

      sigString.sprintf("%d dBm", mapstats[4]);
  if (aptrig[5] == true)
      sigString.sprintf("%d dBm", mapstats[5]);

  if (scancount < 3)

                                                  Johnny Shih
 Wireless LAN Location System

        locDisplay->herePaint(xpixel, ypixel, mypic);
        sb->setText("Less than 3 APs. No locationing.");
        if (searchKnn())
            printf("XYCoordinates : (%d, %d)\n", myPoint[0], myPoint[1]);

            xpixel = myPoint[0] - mypic.width()/2;
            ypixel = locDisplay->height() - myPoint[1] - mypic.height()/2;

            * Make sure the location indicator stays in the map at all times.
            if (xpixel < 0 )
                 xpixel = 0;
            else if (xpixel > (locDisplay->width() - mypic.width()))
                 xpixel = locDisplay->width() - mypic.width();

            if (ypixel < 0)
                 ypixel = 0;
            else if (ypixel > (locDisplay->height() - mypic.height()))
                 ypixel = locDisplay->height() - mypic.height();

            printf("Position : (%d, %d)\n", xpixel, ypixel);
            locDisplay->herePaint(xpixel, ypixel, mypic);
            sbString.sprintf("Position updated (%d, %d) - %s", myPoint[0],
myPoint[1], timecur);

    if (scanset == 1)

                                                             Johnny Shih
 Wireless LAN Location System

              QTimer::singleShot(450, this, SLOT(setStart()));
     else if (scanset == 0)
         locDisplay->herePaint(xpixel, ypixel, mypic);
         sb->setText("The operation has been stopped.");

* The function opens the miniClient window.
void WilfisWindow::openMiniClient(void)
     char syscmd[64];

     /* Shutdown on-going scanning */
     scanset = 0;

     /* Reset scanning buffer */
     sprintf(syscmd, "iwpriv %s sscan_enable 0", ifname);
     sprintf(syscmd, "iwpriv %s sscan_enable 1", ifname);

     /* Initialise MiniClient */
     MiniClient *mc = new MiniClient(0, "mc");
     mc->setCaption("Wilfis - AP Scanning Tool");

* MiniClient class constructor.

                                                            Johnny Shih
 Wireless LAN Location System

MiniClient::MiniClient(QWidget *parent, const char *name, WFlags f)
    : QWidget(parent, name, f)
    /* The layout that contains grid items and buttons */
    QBoxLayout *mcTopLayout = new QVBoxLayout(this, 1);

    QBoxLayout *mcToolLayout = new QHBoxLayout(mcTopLayout, 1);

    /* Menubar */
    QPEMenuBar *menubar = new QPEMenuBar(this);
    menubar->setFont(QFont("", 11, QFont::Normal));
    mcPopFile = new QPopupMenu(this);
    mcPopFile->setFont(QFont("", 11, QFont::Normal));
    mcPopFile->insertItem("&Close", this, SLOT(close()), 0, 0, 0);
    mcPopOpt = new QPopupMenu(this);
    mcPopOpt->setFont(QFont("", 11, QFont::Normal));
    mcPopOpt->insertItem("Save To &File", this, SLOT(checkSaveFile()), 0,
1, 1);
    mcPopOpt->insertItem("Show &Updated Only", this, SLOT(checkShowUp()),
0, 2, 2);
    menubar->insertItem("File", mcPopFile);
    menubar->insertItem("Option", mcPopOpt);

    /* Scan indicator */
    indi = new QLabel(this);
    indi->setPalette(QPalette(QColor(255, 255, 255)));

    /* The listview widget to display the AP stats */
    mcListView = new ApListView(this, "mcListView");

                                                            Johnny Shih
 Wireless LAN Location System


    /* The layout that arrange the buttons */
    QBoxLayout *mcBottomLayout = new QHBoxLayout(mcTopLayout, 0);

    /* scan pushbutton */
    scan = new QPushButton("&Scan", this, "scan");
    scan->setFont(QFont("", 10, QFont::Bold));
    connect(scan, SIGNAL(clicked()), SLOT(checkScan()));

    /* Status bar */
    sb = new QLabel(this);
    sb->setText(" Press 'Scan' button to start.");
    sb->setFrameStyle(QFrame::Panel | QFrame::Sunken);
    sb->setFont(QFont("", 10, QFont::Normal));


    char syscmd[64];

    /* Stop AP scanning before quitting MiniClient */
    scanset = 0;

    /* Reset scanning buffer*/
    sprintf(syscmd, "iwpriv %s sscan_enable 0", ifname);
    sprintf(syscmd, "iwpriv %s sscan_enable 1", ifname);

                                                           Johnny Shih
 Wireless LAN Location System

* ApListView constructor.
ApListView::ApListView(QWidget *parent, const char *name)
     : QListView(parent, name)
     setFont(QFont("", 10, QFont::Bold));      /* set font type */
     setSorting(-1, FALSE);   /* set sorting format */
     addColumn("    MAC Address      ");

* This function enables or disables the AP stats being saved to a file.
void MiniClient::checkSaveFile(void)
     if (saveChecked == 0)
         saveChecked = 1;
         mcPopOpt->setItemChecked(1, TRUE);
     else if (saveChecked == 1)
         saveChecked = 0;
         mcPopOpt->setItemChecked(1, FALSE);

* This function enables and disables only the updated AP stats being shown.
void MiniClient::checkShowUp(void)

                                                            Johnny Shih
 Wireless LAN Location System

     if (showChecked == 0)
         showChecked = 1;
         mcPopOpt->setItemChecked(2, TRUE);
     else if (showChecked == 1)
         showChecked = 0;
         mcPopOpt->setItemChecked(2, FALSE);

* This function checks if the Scan button is pressed to start or stop
* the scanning.
void MiniClient::checkScan(void)
     QString warnMsg;

     if (scanset == 0)
         if (checkIf(ifname) == 1)
             scanset = 1;
             warnMsg.sprintf("Wireless interface '%s' is \nnot found!",
             QMessageBox::critical(this, "Error!", warnMsg);
             scanset = 0;

                                                          Johnny Shih
 Wireless LAN Location System

     else if (scanset == 1)
         scanset = 0;
         usleep(500*1000);    /* 0.5 second delay */

* The function that initiates the AP scanning.
void MiniClient::setScan(void)
     int i;
     int rows = 0;
     int snr = 0;
     int apcount = 0;
     int firstItem = 0;
     char apInfo[128];
     char upd[16];
     QString warnMsg;
     QString numString;
     QString qualString;
     QString sigString;
     QString noiString;
     QString snrString;
     QString sbString;

     /* Alternates colours of scanning indicator */
     if (colour == 0)
         indi->setPalette(QPalette(QColor(0, 0, 255)));
         colour = 1;
     else if (colour == 1)
         indi->setPalette(QPalette(QColor(255, 0, 0)));
         colour = 0;

                                                          Johnny Shih
 Wireless LAN Location System


    /* Scan */
    rows = n;
    firstItem = 1;

    if ((saveChecked == 1) && (rows >= 1))
        /* Open the file to write */
                scandata = fopen("scan.dat", "a");
                if (scandata == NULL)
                      QMessageBox::warning(this, "Warning!", "Unable to
open file 'scan.dat'.\n");
        fprintf(scandata, " Num     MAC Address      Quality    Signal
Noise   SNR \n");

    for (i = 0; i < rows; i++)
        /* Do not show non-updated APs */
        if (!((showChecked == 1) && (apstats[i].updated == 0)))
            if (firstItem != 1)
                  itemPrev = itemCurr;


            /* Convert values to Qstrings*/
            numString.sprintf("%d", apcount);
            qualString.sprintf("%d / %d", apstats[i].qualcur,
            sigString.sprintf("%d", apstats[i].signal);

                                                               Johnny Shih
 Wireless LAN Location System

              noiString.sprintf("%d", apstats[i].noise);
              snr = apstats[i].signal - apstats[i].noise;
              snrString.sprintf("%d", snr);

              /* Add item into ListView window */
              if (firstItem == 1)
                  itemCurr = new QListViewItem(mcListView, numString,
apstats[i].essid, qualString, sigString, noiString, snrString);
                  firstItem = 0;
              else if (firstItem != 1)
                  itemCurr = new QListViewItem(mcListView, itemPrev,
numString, apstats[i].essid, qualString, sigString, noiString,
              /* Save to file */
              if (saveChecked == 1)
                  /* Write AP stats into file */
                  sprintf(apInfo, " %d %s %d/%d      %d       %d
%d\n", apcount, apstats[i].essid, apstats[i].qualcur, apstats[i].qualmax,
apstats[i].signal, apstats[i].noise, snr);
                  fprintf(scandata, apInfo);


    if (showChecked == 1)
        sprintf(upd, "updated");
        sprintf(upd, "found");

                                                            Johnny Shih
 Wireless LAN Location System

    /* Display status in status bar */
    if (apcount < 2)
            sbString.sprintf(" %d AP %s - %s", mcListView->childCount(), upd,
            sbString.sprintf(" %d APs %s - %s", mcListView->childCount(), upd,

        if ((saveChecked == 1) && (rows >= 1))
            fprintf(scandata, "(Time scanned : %s)\n\n", timecur);
                 fclose(scandata); /* close the file */

    if (scanset == 1)
            QTimer::singleShot(1*1000, this, SLOT(setScan()));
    else if (scanset == 0)
            sb->setText(" Scanning has been stopped.");
            indi->setPalette(QPalette(QColor(255, 255, 255)));
            colour = 0;

                                                               Johnny Shih

Shared By: